From 9d7c90707095d35a8f27a6675b2e360c3cb486d2 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans"
Date: Wed, 16 Feb 2022 14:33:57 +0000
Subject: Fix [7deeddb36]: signed integer overflow in Tcl_ScanObjCmd()
---
 generic/tclScan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generic/tclScan.c b/generic/tclScan.c
index 6ab17bd..f6ff7a9 100644
--- a/generic/tclScan.c
+++ b/generic/tclScan.c
@@ -923,7 +923,7 @@ Tcl_ScanObjCmd(
 if (Tcl_GetWideIntFromObj(NULL, objPtr, &wideValue) != TCL_OK) {
 wideValue = ~(Tcl_WideUInt)0 >> 1; /* WIDE_MAX */
 if (TclGetString(objPtr)[0] == '-') {
- wideValue++; /* WIDE_MAX + 1 = WIDE_MIN */
+ wideValue += 1U; /* WIDE_MAX + 1 = WIDE_MIN */
 }
 }
 if ((flags & SCAN_UNSIGNED) && (wideValue < 0)) {
-- cgit v0.12
From 530446f68e748c71bcd26835ca42576d1dbdc17e Mon Sep 17 00:00:00 2001
From: "jan.nijtmans"
Date: Wed, 16 Feb 2022 14:53:26 +0000
Subject: Fix [89de498973]: signed integer overflow in TclParseNumber()
---
 generic/tclStrToD.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/generic/tclStrToD.c b/generic/tclStrToD.c
index 372fe77..1a1c2ac 100644
--- a/generic/tclStrToD.c
+++ b/generic/tclStrToD.c
@@ -1312,7 +1312,7 @@ TclParseNumber(
 objPtr->typePtr = &tclWideIntType;
 if (signum) {
 objPtr->internalRep.wideValue =
- - (Tcl_WideInt) octalSignificandWide;
+ (Tcl_WideInt) (-octalSignificandWide);
 } else {
 objPtr->internalRep.wideValue =
 (Tcl_WideInt) octalSignificandWide;
@@ -1327,7 +1327,7 @@ TclParseNumber(
 objPtr->typePtr = &tclIntType;
 if (signum) {
 objPtr->internalRep.longValue =
- - (long) octalSignificandWide;
+ (long) (-octalSignificandWide);
 } else {
 objPtr->internalRep.longValue =
 (long) octalSignificandWide;
@@ -1359,7 +1359,7 @@ TclParseNumber(
 objPtr->typePtr = &tclWideIntType;
 if (signum) {
 objPtr->internalRep.wideValue =
- - (Tcl_WideInt) significandWide;
+ (Tcl_WideInt) (-significandWide);
 } else {
 objPtr->internalRep.wideValue =
 (Tcl_WideInt) significandWide;
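Review bot: In the Tcl_ScanObjCmd hunk of generic/tclScan.c, `wideValue += 1U;` most likely still performs the addition in the signed type. wideValue is passed to Tcl_GetWideIntFromObj() and compared with `< 0`, so it appears to be a Tcl_WideInt (its declaration is outside the hunk); where that type is wider than unsigned int, the usual arithmetic conversions turn `1U` into a Tcl_WideInt and WIDE_MAX + 1 overflows exactly as it did with `wideValue++`. Doing the step in the unsigned type, `wideValue = (Tcl_WideInt)((Tcl_WideUInt)wideValue + 1);`, or avoiding the wrap altogether with `wideValue = -wideValue - 1; /* WIDE_MIN */`, keeps the arithmetic defined.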
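Review bot: The four rewritten assignments in TclParseNumber (the generic/tclStrToD.c hunk at 1312 and those at 1327, 1359 and 1374) carry no comment saying why the negation has to happen before the cast, so the old spelling is easy to restore by accident in a later cleanup. A one-line comment at the first site would cover it, for example `/* Negate in the unsigned type: -(Tcl_WideInt)x overflows when x is WIDE_MAX+1 */`. The new form still depends on octalSignificandWide and significandWide being unsigned, and on the out-of-range unsigned-to-signed conversion, which C leaves implementation-defined rather than undefined. Their declarations and the range checks that select the `long` branch are outside the hunks.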
@@ -1374,7 +1374,7 @@ TclParseNumber(
 objPtr->typePtr = &tclIntType;
 if (signum) {
 objPtr->internalRep.longValue =
- - (long) significandWide;
+ (long) (-significandWide);
 } else {
 objPtr->internalRep.longValue =
 (long) significandWide;
-- cgit v0.12
From d203d159b9f52796cd28cad53f0c6d777caadf11 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans"
Date: Wed, 16 Feb 2022 15:24:35 +0000
Subject: Fix [c6fea6ba6]: possible signed integer overflow in Tcl_GetLongFromObj(), Tcl_GetWideIntFromObj()
---
 generic/tclObj.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/generic/tclObj.c b/generic/tclObj.c
index 1fd674f..029d3c0 100644
--- a/generic/tclObj.c
+++ b/generic/tclObj.c
@@ -2816,7 +2816,7 @@ Tcl_GetLongFromObj(
 value = (value << CHAR_BIT) | *bytes++;
 }
 if (big.sign) {
- *longPtr = - (long) value;
+ *longPtr = (long) (0-value);
 } else {
 *longPtr = (long) value;
 }
@@ -3116,7 +3116,7 @@ Tcl_GetWideIntFromObj(
 value = (value << CHAR_BIT) | *bytes++;
 }
 if (big.sign) {
- *wideIntPtr = - (Tcl_WideInt) value;
+ *wideIntPtr = (Tcl_WideInt) (0-value);
 } else {
 *wideIntPtr = (Tcl_WideInt) value;
 }
-- cgit v0.12
From 247cb91a652499e2b90c89568c3995206148c28c Mon Sep 17 00:00:00 2001
From: "jan.nijtmans"
Date: Wed, 16 Feb 2022 16:10:22 +0000
Subject: Fix [1c60dca341]: signed integer overflow in Tcl_SetBignumObj()
---
 generic/tclObj.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/generic/tclObj.c b/generic/tclObj.c
index 029d3c0..f7bb44c 100644
--- a/generic/tclObj.c
+++ b/generic/tclObj.c
@@ -2816,7 +2816,7 @@ Tcl_GetLongFromObj(
 value = (value << CHAR_BIT) | *bytes++;
 }
 if (big.sign) {
- *longPtr = (long) (0-value);
+ *longPtr = (long) (-value);
 } else {
 *longPtr = (long) value;
 }
@@ -3116,7 +3116,7 @@ Tcl_GetWideIntFromObj(
 value = (value << CHAR_BIT) | *bytes++;
 }
 if (big.sign) {
- *wideIntPtr = (Tcl_WideInt) (0-value);
+ *wideIntPtr = (Tcl_WideInt) (-value);
 } else {
 *wideIntPtr = (Tcl_WideInt) value;
 }
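Review bot: In the Tcl_SetBignumObj commit, the Tcl_GetLongFromObj hunk at 2816 replaces `(0-value)` with `(-value)`, and if `value` is an unsigned type, as the casts suggest, MSVC reports warning C4146 for unary minus on an unsigned operand. The same spelling is used in the Tcl_GetWideIntFromObj hunk at 3116 and in the two Tcl_SetBignumObj hunks at 3547 and 3573. Both forms produce the same value, so keeping the subtraction, `*longPtr = (long) (0-value);`, avoids the warning in builds that treat warnings as errors. The declaration of `value` is outside every one of these hunks, so its type should be confirmed there.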
@@ -3547,7 +3547,7 @@ Tcl_SetBignumObj(
 goto tooLargeForLong;
 }
 if (bignumValue->sign) {
- TclSetLongObj(objPtr, -(long)value);
+ TclSetLongObj(objPtr, (long)(-value));
 } else {
 TclSetLongObj(objPtr, (long)value);
 }
@@ -3573,7 +3573,7 @@ Tcl_SetBignumObj(
 goto tooLargeForWide;
 }
 if (bignumValue->sign) {
- TclSetWideIntObj(objPtr, -(Tcl_WideInt)value);
+ TclSetWideIntObj(objPtr, (Tcl_WideInt)(-value));
 } else {
 TclSetWideIntObj(objPtr, (Tcl_WideInt)value);
 }
-- cgit v0.12
From c9599e745ab10316ab4bb48c8d129ce9f5cee15b Mon Sep 17 00:00:00 2001
From: "jan.nijtmans"
Date: Wed, 16 Feb 2022 16:18:08 +0000
Subject: Fix [7f8a3d9818]: signed integer overflow in tclExecute.c
---
 generic/tclExecute.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/generic/tclExecute.c b/generic/tclExecute.c
index 2faf213..97ac1f0 100644
--- a/generic/tclExecute.c
+++ b/generic/tclExecute.c
@@ -1898,7 +1898,7 @@ TclIncrObj(
 if ((type1 == TCL_NUMBER_LONG) && (type2 == TCL_NUMBER_LONG)) {
 long augend = *((const long *) ptr1);
 long addend = *((const long *) ptr2);
- long sum = (long)((unsigned long)augend + (unsigned long)addend);
+ long sum = augend + addend;
 /*
 * Overflow when (augend and sum have different sign) and (augend and
@@ -1949,7 +1949,7 @@ TclIncrObj(
 TclGetWideIntFromObj(NULL, valuePtr, &w1);
 TclGetWideIntFromObj(NULL, incrPtr, &w2);
- sum = w1 + w2;
+ sum = (Tcl_WideInt)((Tcl_WideUInt)w1 + (Tcl_WideUInt)w2);
 /*
 * Check for overflow.
@@ -3929,7 +3929,7 @@ TEBCresume(
 if (GetNumberFromObj(NULL, objPtr, &ptr, &type) == TCL_OK) {
 if (type == TCL_NUMBER_LONG) {
 long augend = *((const long *)ptr);
- long sum = augend + increment;
+ long sum = (long)((unsigned long)augend + (unsigned long)increment);
 /*
 * Overflow when (augend and sum have different sign) and
@@ -3977,7 +3977,7 @@ TEBCresume(
 Tcl_WideInt sum;
 w = *((const Tcl_WideInt *) ptr);
- sum = w + increment;
+ sum = (Tcl_WideInt)((Tcl_WideUInt)w + (Tcl_WideUInt)increment);
 /*
 * Check for overflow.
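Review bot: The cast-to-unsigned, add, cast-back idiom is written out by hand at eight sites in generic/tclExecute.c, starting with the TclIncrObj hunk at 1898, and nothing at any site says that the wrapped result is intentional. The other sites are the hunks at 1949, 3929, 3977, 6506, 6521, 9146 and 9162. The overflow checks that follow each site now rely on the sum wrapping instead of on undefined behaviour, which is the point of the change, but a later edit could restore the plain `a + b` without anyone noticing. A pair of file-local helpers would make each site self-documenting, for example (name illustrative) `#define WIDE_ADD_WRAP(a, b) ((Tcl_WideInt)((Tcl_WideUInt)(a) + (Tcl_WideUInt)(b)))`, with a one-line comment saying the result may wrap and must be followed by the overflow test. The checks themselves are outside the hunks, and the diffstat shows no test added for the overflowing inputs.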
@@ -6506,7 +6506,7 @@ TEBCresume(
 case INST_ADD:
 w1 = (Tcl_WideInt) l1;
 w2 = (Tcl_WideInt) l2;
- wResult = w1 + w2;
+ wResult = (Tcl_WideInt)((Tcl_WideUInt)w1 + (Tcl_WideUInt)w2);
 #ifdef TCL_WIDE_INT_IS_LONG
 /*
 * Check for overflow.
@@ -6521,7 +6521,7 @@ TEBCresume(
 case INST_SUB:
 w1 = (Tcl_WideInt) l1;
 w2 = (Tcl_WideInt) l2;
- wResult = w1 - w2;
+ wResult = (Tcl_WideInt)((Tcl_WideUInt)w1 - (Tcl_WideUInt)w2);
 #ifdef TCL_WIDE_INT_IS_LONG
 /*
 * Must check for overflow. The macro tests for overflows in
@@ -9146,7 +9146,7 @@ ExecuteExtendedBinaryMathOp(
 switch (opcode) {
 case INST_ADD:
- wResult = w1 + w2;
+ wResult = (Tcl_WideInt)((Tcl_WideUInt)w1 + (Tcl_WideUInt)w2);
 #ifndef TCL_WIDE_INT_IS_LONG
 if ((type1 == TCL_NUMBER_WIDE) || (type2 == TCL_NUMBER_WIDE))
 #endif
@@ -9162,7 +9162,7 @@ ExecuteExtendedBinaryMathOp(
 break;
 case INST_SUB:
- wResult = w1 - w2;
+ wResult = (Tcl_WideInt)((Tcl_WideUInt)w1 - (Tcl_WideUInt)w2);
 #ifndef TCL_WIDE_INT_IS_LONG
 if ((type1 == TCL_NUMBER_WIDE) || (type2 == TCL_NUMBER_WIDE))
 #endif
-- cgit v0.12